Description
Add revokeRefreshTokensByUserIdExcept for revoking refresh tokens by user id except for a token
Problem
In my project, has a feature that checks if there are any other sessions when you log in. If there are, it will log out all the other sessions, keeping only the one you just logged into.
In this way, we can proceed to app with the newly created session but the other sessions are now invalid, hence the revocation.
Solution
Let's add a revokeRefreshTokensByUserIdExcept feature that accepts a userId and a tokenId and token (we can method overload it) as parameters. The userId will be used to identify for clearing all of user's sessions, and the tokenId will be kept active while the other sessions are revoked.
Alternatives/workarounds
There's a retrieveRefreshTokens(userId: UUID) I can use to fetch all the user's session refresh tokens and use a for each loop for token revocation checking with revokeRefreshTokenById(token: UUID). Kinda like "revoke all tokens except this token".
Additional context
Btw I'm using kotlin with the fusionauth-java-client
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.